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REMARKS 

Applicants submit this Amendment in response to the second, non-fmal Official Action 
in the Request for Continued Examination (RCE) of the above-identified patent application. In 
the Official Action, the Examiner rejects all of the pending claims of the present application, 
namely Claims 1-24, under 35 U.S.C. §103(a) as being unpatentable over U.S. Patent No. 
5,798,706 to Jeffrey A. Kraemer, et al, in view of PCX Patent Application Publication No. WO 
97/26734 to Kirby et al. As explained below, however. Applicants respectfully submit that the 
claimed invention is patentably distinct from Kraemer and Kirby, taken individually or in 
combination and, accordingly, traverse this rejection of the claims. Nonetheless, Applicants 
have amended independent Claims 1,6, 11 and 16 to more clearly define the, claimed invention. 
More particularly, Applicants have amended independent Claims 1,6, 11 and 16 to incorporate 
the subject matter of dependent Claims 21-24, and have accordingly, cancelled dependent Claims 
21-24. Further, Applicants have added new Claims 25-32 to claim further patentable features of 
the claimed invention. In view of the amendments to the claims, the newly added claims, and the 
remarks presented herein. Applicants respectfully request reconsideration of the present 
application and allowance of the claims.^ 

As amended, independent Claim 1 of the present application recites an apparatus for 
detecting adversarial activity on a network that includes: 

a memory adapted to store a host table; 

a key exchanger adapted to repeatedlv derive a cipher key such 
that the resulting cipher kev changes over time ; 

a translator adapted to translate predetermined portions of packet 
header information of a data packet according to a cipher algorithm keyed by the 
cipher key, wherein the predetermined portions include an address; 

a mapping device adapted to map the address to the host table; 

a host resolution device adapted to issue a request to the network to 
resolve the address when the address does not match an entry in the host table and 
to supplement the host table with the address upon receipt of a reply to the request 
that indicates that the address is valid; and 



' As Applicants' remarks with respect to the Examiner's rejections are sufficient to overcome these 

rejections, Applicants' silence as to assertions by the Examiner in the Official Action or certain requirements that 
may be applicable to such rejections (e.g., whether a reference constitutes prior art, motivation to combine 
references) is not a concession by Applicants that such assertions are accurate or such requirements have been met, 
and Applicants reserve the right to analyze and dispute such in the future. 
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an actuator adapted to trigger a security device when the address 
does not match an entry in the host table. 

As indicated above and explained below, neither Kraemer nor Kirby, taken individually 
or in combination, teach or suggest the apparatus of amended independent Claim 1 . More 
particularly, neither Kraemer nor Kirby, taken individually or in combination, teach or suggest a 
key exchanger adapted to repeatedly derive a cipher key such that the resulting cipher key 
changes over time , as in amended independent Claim 1 . Noting similar subject matter in former 
dependent Claim 21, the Official Action cites Kirby as allegedly disclosing this feature of the 
claimed invention. Applicants respectfully disagree. 

Kirby, however, is not entirely irrelevant to the subject matter of Applicants' 
claims. At best, Kirby discloses a system and method for transferring encrypted packets 
over a public network. In this regard, Kirby does disclose encrypting data packets in 
accordance with an encryption algorithm and key, which one could argue corresponds to 
the cipher key of the claimed invention. Kirby also discloses a Kerberos Network 
Authentication System in which a trusted computer supplies a pair of computers with a 
secret key with which the pair of computers may transfer encrypted data. Kirby even 
discloses use of a secret key for each tunnel between the pair of computers. Regardless 
of any possible relevance noted above, however, in no instance, does Kirby teach or 
suggest that the key provided to the pair of computers changes over time, much less that 
the trusted computer repeatedly derives a key such that the resuhing key changes over 
time, in a manner similar to that of amended independent Claim 1 . 

Similar to Kirby, Kraemer also fails to teach or suggest the repeated derivation of 
a cipher key and, indeed, is not cited for such a proposition. Applicants therefore 
respectfully submit that neither ICraemer nor Kirby, taken individually or in combination, 
teach or suggest the key exchanger of amended independent Claim 1 . Since neither 
Kraemer nor Kirby, taken individually or in combination, teach or suggest at least a key 
exchanger or translator as recited by amended independent Claim 1 , amended 
independent Claim 1 is patentably distinct from the Kraemer in view of Kirby. Thus, the 
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rejection of amended independent Claim 1 is overcome, and Applicants respectfully 
request withdrawal of the rejection thereof 

Similar to amended independent Claim 1 , amended independent Claim 6 recites a method 
for detecting adversarial activity on a network that includes: 
storing a host table; 

repeatedly deriving a cipher kev such that the resulting cipher key 
changes over time ; 

translating predetermined portions of packet header information of 
a data packet according to a cipher algorithm keyed by the cipher key, wherein 
the predetermined portions include an address; 

mapping the address to the host table; 

issuing a request to the network to resolve the address when the 
address does not match an entry in the host table and supplementing the host table 
with the address upon receipt of a reply to the request that indicates that the 
address is valid; and 

triggering a security device when the address does not match an 
entry in the host table. 

Notably, Claim 6 recites "repeatedly deriving a cipher key such that the resulting cipher key 
changes over time" in similar recitation to the inserted language of currently amended claim 1 . 

Amended independent Claim 1 1 recites a device for detecting adversarial activity on a 
network and includes various means for performing the method of amended independent Claim 



Amended independent Claim 16 recites a bastion host adapted for processing packet 
header information of the data packet and operable to perform the method of amended 
independent Claim 6. 

Therefore, for similar reasons to those described above in conjunction with amended 
independent Claim 1, amended independent Claims 6, 1 1 and 16 are also not taught or suggested 
by Kraemer or Kirby, taken individually or in combination. Thus, the rejection of amended 
independent Claims 6, 1 1 and 16 is also overcome, and Applicants respectfully request that the 
rejection of amended Claims 6, 1 1 and 16 be withdrawn. 

Claims 2-5, 7-10, 12-15 and 17-20 & 25-32, which depend from respective ones of 
amended independent Claims 1,6, 11 and 16, are also patentably distinct from Kraemer and 
Kirby, taken individually or in combination, for at least the same reasons as described above in 
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conjunction with their respective base independent claims? As such, the rejection of the 
dependent claims is therefore also correspondingly overcome, and Applicants respectfully 
request that the rejection of dependent Claims 2-5, 7-10, 12-15 and 17-20 be withdrawn (the 
rejection of Claims 21-24 being rendered moot in view of their cancellation). 



^ As Applicants' remarks with respect to the base independent claims are sufficient to overcome the 

Examiner's rejection of all claims dependent therefrom, Applicants' silence as to the Examiner's assertions with 
respect to the dependent claims is not a concession by Applicants to the Examiner's assertions as to these claims, 
and Applicants reserve the right to analyze and dispute such assertions in the future. 
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CONCLUSION 



In view of the foregoing, it is respectfully submitted that all of the claims of the present 
application are in condition for immediate allowance. It is therefore respectively requested that a 
Notice of Allowance be issued. The Examiner is encouraged to contact Applicants' undersigned 
attorney to resolve any remaining issues in order to expedite examination of present application. 

It is not believed that extensions of time or fees for net addition of claims are required, 
beyond those that may otherwise be provided for in documents accompanying this paper. 
However, in the event that additional extensions of time are necessary to allow consideration of 
this paper, such extensions are hereby petitioned under 37 CFR § 1.136(a), and any fee required 
therefore (including fees for net addition of claims) is hereby authorized to be charged to Deposit 
Account No. 16-0605. 
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